This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight
General context, key principles and hot topics
1 Identify the highest-profile corporate investigation under way in your country, describing and commenting on its most noteworthy aspects.
A Royal Commission into misconduct in the banking, superannuation and financial services industry (often described as the Banking Royal Commission (BRC)) has received a high volume of media and industry attention, particularly since the release of its final report on 1 February 2019. As a result of this report, the country’s key corporate regulator, the Australian Securities and Investments Commission (ASIC), has publicly stated that it will adopt a ‘why not litigate’ enforcement approach, which will have a significant effect on its investigation and enforcement practices.
2 Outline the legal framework for corporate liability in your country.
Under Australian law, offences committed by ‘a person’ will, unless specifically excluded, include a corporation (including those offences punishable by imprisonment). Criminal liability is generally established if both physical and fault elements are proven. Fault elements include intention, knowledge, recklessness and negligence. In the case of strict or absolute liability offences, there are exceptions to the proof of fault elements. These offences are more commonly pursued against a corporation.
If a fault element is required to be proved against a corporation, it may be shown in a variety of statutorily defined ways, including by proof that a corporation failed to maintain a corporate culture of compliance.
3 Which law enforcement authorities regulate corporations? How is jurisdiction between the authorities allocated? Do the authorities have policies or protocols relating to the prosecution of corporations?
Regulation of Australian companies is principally done at federal level, with some limited involvement by state and territory regulators. There is a broad range of law enforcement agencies that have authority to investigate corporations, including, but not limited to, the following:
- ASIC, an independent statutory body that enforces and administers the Corporations Act 2001 (Cth) (the Corporations Act), which is the main corporations legislation in Australia;
- Australian Prudential Regulatory Authority, a statutory body that supervises the banking, insurance and superannuation bodies;
- Australian Competition and Consumer Commission (ACCC), which regulates the interaction between consumers and businesses;
- Australian Criminal Intelligence Commission, which investigates national serious and organised crime, such as cybercrime;
- Australian Federal Police (AFP), which investigates and enforces cross-border compliance, including fraud, drug trafficking, organised crime, money laundering and people smuggling;
- Australian Taxation Office, which enforces compliance with Australia’s taxation legislation;
- Australian Transaction Reports and Analysis Centre (AUSTRAC), which regulates and enforces cross-border financial transactions; and
- Commonwealth Director of Public Prosecutions (CDPP), which prosecutes criminal misconduct based on referrals from investigatory bodies.
Australian regulatory bodies coordinate their efforts so as to share information and intelligence-gathering powers (subject to certain restrictions). In the event of serious criminal allegations, it is common for two or more regulatory authorities to be involved. Joint task forces, such as the Serious Financial Crime Taskforce, have been established to streamline and consolidate information sharing, investigation and reporting lines in Australia.
4 What grounds must the authorities have to initiate an investigation? Is a certain threshold of suspicion necessary to trigger an investigation?
Regulators have wide-ranging statutory investigatory powers. The trigger point is generally suspicion of a breach of legislation within a regulator’s jurisdiction. For example, an investigation under section 13 of the Australian Securities and Investments Commission Act 2001 (Cth) will be triggered if ASIC thinks it expedient for the due administration of corporation legislation and when it has reason to suspect that a contravention may have been committed. The degree of suspicion is not defined but the threshold is low.
5 How can the lawfulness or scope of a notice or subpoena from an authority be challenged in your country?
A company should carefully consider the scope of a notice and any grounds for objecting to it, including whether it has been properly issued, the information sought is clearly defined and relevant, and the request is not oppressive or unreasonable. Any concerns should be raised directly with the law enforcement authority before making an application to the court to set aside the notice.
6 Does your country make use of co-operative agreements giving immunity or leniency to individuals who assist or co-operate with authorities?
Yes, in narrowly defined circumstances, various enforcement bodies can use their discretion for the benefit of defendants who assist with investigations. For example, the ACCC has a ‘first past the post’-style policy that provides immunity to the individual or corporation who is first to disclose cartel conduct and co-operate fully with the investigation. The CDPP has a defined indemnity policy with strict criteria that must be met before a grant of immunity can be sought.
As to leniency, sentencing for criminal conduct is entirely at the discretion of the court. The High Court’s decision in Barbaro v. The Queen makes it clear that a prosecuting body cannot make submissions to the court regarding a preferred sentence or penalty range. More flexibility is provided for negotiated outcomes in civil penalty proceedings.
7 What are the top priorities for your country’s law enforcement authorities?
Top priorities presently include misconduct in the financial services industry, financial crimes and corporate culture, including executive accountability. Cross-border business and transactions are also an area of focus, as are money laundering and tax evasion.
8 To what extent do law enforcement authorities in your jurisdiction place importance on a corporation having an effective compliance programme? What guidance exists (in the form of official guidance, speeches or case law) on what makes an effective compliance programme?
Corporate compliance has become a hot topic since the BRC, with enforcement likely to be a focus for regulators for many years to come. A number of enforcement authorities provide guidance to companies regarding compliance programmes, including ASIC, the Australian Securities Exchange (ASX) and the AFP. Guidance is publicly available via regulator websites, examples including the ‘ASX Corporate Governance Principles and Recommendations’ and ASIC’s ‘Director and officer oversight of non-financial risk report’. In some instances, there is a requirement for compliance programmes to be in place before an entity can operate (such as credit licensees or whistleblowing policies), while in others it is desirable to assist with adherence with the relevant legislation. It is desirable that these are written documents.
The introduction of new legislation, including an offence of failing to prevent foreign bribery and a corresponding defence that adequate procedures are in place, will further necessitate a comprehensive compliance programme. With regard to failure to prevent bribery, draft legislation proposes that the Attorney General should provide guidance to companies as to steps that can be taken to prevent bribery of foreign public officials.
9 Does your country regulate cybersecurity? Describe the approach of local law enforcement authorities to cybersecurity-related failings.
Cybersecurity is legislated at both federal level and state and territory level through various legislative frameworks relating specifically to cybersecurity and more broadly to data protection and privacy. A Joint Cyber Security Centre has been established, which brings together business, government, academia and other key partners. In March 2019, the Australian government announced an intention to increase penalties under the Privacy Act 1988 (Cth) (the Privacy Act) from A$2.1 million to A$10 million, expand the regulator’s scope to ensure breaches are addressed and add further protections to certain vulnerable groups.
10 Does your country regulate cybercrime? What is the approach of law enforcement authorities in your country to cybercrime?
Legislation provides regulation for computer and internet-related offences, such as unlawful access and computer trespass and creates investigation powers and criminal offences designed to protect security, reliability and integrity of computer data and electronic communication. Further, a number of offences addressing cybercrime are contained in the Commonwealth Criminal Code.
Since March 2013, Australia has been a member of the Council of Europe Convention on Cybercrime, which addresses both domestic and international responses to cybercrime.
Cross-border issues and foreign authorities
11 Does local criminal law have general extraterritorial effect? To the extent that extraterritorial effect is limited to specific offences, give details.
Criminal law has extraterritorial effect, provided there is an appropriate nexus to Australia. Conduct must have been either wholly or partly undertaken within Australia. Foreign entities with Australian subsidiaries or associated entities will fall within Australian laws as regards conduct in Australia. For example, if a foreign entity is conducting business in Australia through a subsidiary and the subsidiary breaches Australia’s laws, both may be charged – the subsidiary for a breach of domestic laws and the foreign entity for directly breaching domestic laws or aiding and abetting the breach.
12 Describe the principal challenges that arise in your country in cross-border investigations, and explain whether and how such challenges depend on the other countries involved.
Australia has entered into mutual assistance treaties with numerous countries in a bid to facilitate information sharing and to expedite investigations. There are also information-sharing arrangements with certain jurisdictions, and therefore a formal request for mutual assistance is not always required. However, challenges arise when there are inconsistent approaches to an investigation by regulators. Legislative requirements as to the gathering of evidence, the integrity of investigators and the reliance on compulsory powers can present issues in cross-border matters.
13 Does double jeopardy, or a similar concept, apply to prevent a corporation from facing criminal exposure in your country after it resolves charges on the same core set of facts in another? Is there anything analogous in your jurisdiction to the ‘anti-piling on’ policy as exists in the United States (the Policy on Coordination of Corporate Resolution Penalties) to prevent multiple authorities seeking to penalise companies for the same conduct?
A person or corporation cannot be tried twice for the same alleged breach of Australian legislation. There is no prohibition in Australia against being prosecuted by multiple authorities where alleged contraventions of the law span the jurisdiction of multiple regulatory agencies; however, there is usually coordination between jurisdictions and agencies, to ensure prosecutions remain in the public interest.
However, double jeopardy does not apply internationally. Accordingly, if offending has traversed multiple jurisdictions, a defendant can be charged with an offence under Australian legislation despite having concluded proceedings of a similar nature in another country. A guilty plea or a negotiated outcome in another jurisdiction may affect the investigation, charge or sentencing in Australia.
There is nothing expressly analogous to the ‘anti-piling on’ policy in the United States.
14 Are ‘global’ settlements common in your country? What are the practical considerations?
Global settlements are not common, per se. Ordinarily, any negotiations regarding settlement in Australia will be influenced by settlements in other jurisdictions. ASIC’s new ‘why not litigate’ approach may affect prospects for a ‘global’ settlement as ASIC will be keen to ensure any resolution withstands public comment in light of the BRC.
15 What bearing do the decisions of foreign authorities have on an investigation of the same matter in your country?
Given the co-operation mechanisms available to Australian regulators (such as mutual assistance agreements), it is possible to conduct concurrent investigations in multiple jurisdictions regarding the same factual matters. It is usual for one or more Australian investigatory bodies to coordinate domestically and with international investigatory bodies. A coordinated effort will usually result in one regulator taking the lead in an investigation and other jurisdictions supporting its efforts to round out the information gathering.
Economic sanctions enforcement
16 Describe your country’s sanctions programme and any recent sanctions imposed by your jurisdiction.
The administration and implementation of Australia’s sanctions laws is done at federal level, by the Department of Foreign Affairs and Trade (DFAT). Sanctions are implemented in accordance with the United Nations Security Council (UNSC) regime and further autonomous, Australia-led sanctions regimes. DFAT has the power to issue a sanctions permit, should it be suitable, which will allow an importer or exporter to undertake activity that would otherwise contravene a sanction imposed in Australia. A full list of Australia’s sanctions regimes is publicly available and it is expected that individuals and companies doing business in Australia should make their own enquiries to ensure compliance.
In April 2019, Australia imposed sanctions on the direct or indirect supply, sale or transfer to the Central African Republic of arms or related materials without the issuance of a sanctions permit. In March 2019, Australia issued autonomous ‘financial sanctions and travel bans on seven Russian individuals for their role in the interception and seizure of Ukrainian naval vessels’.
17 What is your country’s approach to sanctions enforcement? Has there been an increase in sanctions enforcement activity in recent years, for example?
Australia is obliged to closely follow the UNSC in relation to enforcement of sanctions. Contraventions are enforceable against Australian individuals and companies, and certain sanctions will have effect irrespective of whether the activities are located in Australia or overseas. The Australian government has successfully prosecuted a number of companies for sanctions violations. A small number of individuals have also been charged.
In recent times, there has been discussion as to whether sanctions enforcement should also more readily incorporate AUSTRAC, which regulates cross-border monetary transactions, including money laundering and the financing of terrorism.
18 Do the authorities responsible for sanctions compliance and enforcement in your country co-operate with their counterparts in other countries for the purposes of enforcement?
DFAT may consult other Australian government agencies, other countries or the Sanctions Committee of the UNSC on a range of issues, including in consideration of whether to agree to a sanctions permit.
19 Has your country enacted any blocking legislation in relation to the sanctions measures of third countries? Describe how such legislation operates.
Australia currently does not have blocking legislation in relation to sanctions measures taken by third countries.
20 To the extent that your country has enacted any sanctions blocking legislation, how is compliance enforced by local authorities in practice?
Before an internal investigation
21 How do allegations of misconduct most often come to light in companies in your country?
There are a number of ways in which misconduct can be brought to the attention of a company, including the following:
- ASIC conducts a preliminary investigation into every allegation of misconduct to assess whether further action is required. ASIC may be made aware of suspected contraventions by shareholders, media reports or whistleblowers.
- Whistleblower legislation requires that companies have avenues available to employees to report suspected misconduct. Whistleblowers may trigger internal investigations or investigations by ASIC.
- AUSTRAC monitors international transactions and transactions of A$10,000 (or more) and will investigate any suspect transactions under anti-money laundering and counter-terrorism legislation.
- The ASX monitors share trading in publicly listed companies and can enquire into suspicious activities, including spikes in trading volume or share price. The ASX can refer suspected contraventions (such as insider trading) to ASIC for further investigation.
22 Does your country have a data protection regime?
The Privacy Act regulates the handling of personal information and the Australian Privacy Principles (APPs) provide guidelines for dealing with such information. The Notifiable Data Breaches scheme, established through the Privacy Act, obliges entities to notify individuals whose personal information is the subject of a data breach, and the Australian Information Commissioner, when it is likely the breach will result in serious harm.
23 To the extent not dealt with above at question 9, how is the data protection regime enforced?
The data protection regime is enforced through the Office of the Australian Information Commissioner (OAIC). The Privacy Act confers powers on the Commissioner to facilitate compliance with best practice. The OAIC’s preferred regulatory approach is to facilitate compliance and prevent breaches, although it also has investigative and enforcement powers.
24 Are there any data protection issues that cause particular concern in internal investigations in your country?
The APPs regulate how personal information is collected and used. If an entity investigates the actions of an employee, it must be careful that any personal data is collected in accordance with these principles. A heightened level of protection attaches to sensitive information, such as a person’s religious beliefs, sexual orientation or health information. Entities must comply with their legal obligations, particularly those that require an employee to be notified that personal data has been collected. It is also important to consider any implications of cross-border transfer of personal information.
25 Does your country regulate or otherwise restrict the interception of employees’ communications? What are its features and how is the regime enforced?
Employers are bound by contractual arrangements with employees, which often specify the rights an employer has over communications made during the course of employment. Interception of employment-based communications can be triggered by an internal investigation or well-founded suspicion of a contravention of company policy or legal obligations. Interception of personal, non-work-associated communications is governed by strictly applied privacy and telecommunications legislation and is likely to be illegal if beyond the scope of the employment arrangement. Enforcement of this legislation can involve the AFP.
Dawn raids and search warrants
26 Are search warrants or dawn raids on companies a feature of law enforcement in your country? Describe any legal limitations on authorities executing search warrants or dawn raids, and what redress a company has if those limits are exceeded.
Generally, the AFP executes search warrants on behalf of Commonwealth agencies. If an investigation is being conducted by another regulatory body, AFP officers may attend with officers of that regulatory body. Warrants contain information as to the restrictions on entry time, dates and the evidence that can be gathered during the execution of the search warrant, which may include hard copies of documents as well as stored communications (such as computer hard drives or mobile phones). Defendants are entitled to have legal representatives present and to request an itemised list of the property seized, and have a right to challenge the warrant’s validity.
27 How can privileged material be lawfully protected from seizure during a dawn raid or in response to a search warrant in your country?
Defendants may claim legal professional privilege (LPP) over materials seized during a legitimate search. Practically, this may mean the materials are sealed and delivered to the relevant court registry or regulator to await resolution of any disputed privilege claim by litigation or negotiation. The mere seizure of material without it being read does not constitute a waiver of privilege.
28 Under what circumstances may an individual’s testimony be compelled in your country? What consequences flow from such compelled testimony? Are there any privileges that would prevent an individual or company from providing testimony?
During an investigation by a regulator, an individual can usually be compelled to give evidence in an examination. The individual cannot refuse to answer questions on the basis that those answers may tend to incriminate him or her. However, the individual can claim privilege against self-incrimination, meaning that the investigatory body cannot use the evidence gathered as an admission by the individual. Some regulatory bodies can derivatively use the information gathered during these types of examinations.
In a litigation context, an accused person has a right to claim privilege against self-incrimination or self-exposure to penalty, which means that they cannot be required to give evidence during proceedings against them. A witness may object to the giving of evidence in proceedings if the response would tend to prove that the witness had committed an offence under Australian or foreign laws, or make them liable to a civil penalty.
Whistleblowing and employee rights
29 Describe the whistleblowing framework in your country. What financial incentive schemes exist for whistleblowers? What legal protections are in place for whistleblowers?
Whistleblower legislation underwent noteworthy amendment in 2019. Whistleblower protections apply to both current and former employees within a defined list of roles, reporting lines have been expanded and the role of a corporation in affording protections to whistleblowers has been strengthened. It is a strict liability offence not to have a company policy relating to whistleblowing (companies were afforded time following implementation of the legislation to have this policy available).
There is no financial incentive programme in Australia for whistleblowers.
Corporate whistleblowers who provide information to ASIC about contraventions of the Corporations Act are granted three main legal protections, which are that:
- their identity and the information given cannot be disclosed unless authorised by law;
- they are protected against civil or criminal liability for making the disclosure (e.g., for defamation); and
- they are protected against being victimised for making their disclosure.
Protection will only be given to persons who meet certain criteria, including being an existing employee or officer of the company. In the financial sector, whistleblowers who provide information to the Australian Prudential Regulatory Authority are given similar protections.
30 What rights does local employment law confer on employees whose conduct is within the scope of an investigation? Is there any distinction between officers and directors of the company for these purposes?
Under the Fair Work Act 2009 (Cth), certain employees are protected against unfair dismissal. In the event of an internal investigation, certain omissions by the employer may violate the right against unfair dismissal, including failing to provide the employee with a support person. The employee has a right to be given information relating to the allegations against him or her and adequate time to respond.
Under the Corporations Act, officers and directors are subject to significantly higher standards of conduct. Contravention of these duties may attract significant penalties, disqualification or imprisonment.
31 Do employees’ rights under local employment law differ if a person is deemed to have engaged in misconduct? Are there disciplinary or other steps that a company must take when an employee is implicated or suspected of misconduct, such as suspension or in relation to compensation?
If an employee has engaged in misconduct, his or her rights will depend on the precise nature of the misconduct. For example, an internal finding of serious misconduct may constitute valid grounds for dismissal. However, a finding of serious misconduct by law enforcement may constitute an offence, and the employee’s rights would depend on the associated laws.
There are no express requirements for employers to impose disciplinary or other steps if an employee is suspected of misconduct.
If ‘serious misconduct’ is established, the employee’s contract of employment may be immediately terminated. The Fair Work Regulations 2009 (Cth) define ‘serious misconduct’ as including wilful or deliberate behaviour that causes serious or imminent risk to the health or safety of employees or reputation to business. Examples include theft, fraud, assault, being intoxicated at work, or refusing to carry out lawful and reasonable instructions.
32 Can an employee be dismissed for refusing to participate in an internal investigation?
Mere refusal to participate in an internal investigation is unlikely to constitute valid grounds for dismissal.
Commencing an internal investigation
33 Is it common practice in your country to prepare a document setting out terms of reference or investigatory scope before commencing an internal investigation? What issues would it cover?
It is common to set out the scope of an investigation before it commences, although this is not mandatory. Consideration should be given to any regulatory compliance obligations, including reporting obligations. It is common for a board of directors to refer an internal investigation to an external adviser, such as a law firm, particularly if the board has concerns about litigation and risk management.
The terms of reference should outline the key allegations or concerns, define the sources of information that it is proposed should be gathered during the investigation, and identify who will report on the findings or recommendations of the investigation and the recipient of the report.
34 If an issue comes to light prior to the authorities in your country becoming aware or engaged, what internal steps should a company take? Are there internal steps that a company is legally or ethically required to take?
When a company becomes aware of potential issues, an investigation should be undertaken to identify the nature and extent of any misconduct. Care should be taken in setting up the investigation, including to ensure that communications are confidential and privileged to the extent possible. A company may be obliged to report to regulators in relation to certain breaches, or may elect to self-report or seek immunity. Legal advice should be sought prior to making such decisions as the consequences may be serious. A company should work towards containing the breaches and, as far as possible, secure complete cessation of the offending behaviour. Evidence of the suspected breaches should not be destroyed and document preservation notices should be issued in appropriate circumstances. Any dismissal or discipline of individuals suspected to have participated in the misconduct should be carefully managed and based on legal advice.
35 What internal steps should a company in your country take if it receives a notice or subpoena from a law enforcement authority seeking the production or preservation of documents or data?
Compulsory document production notices must be strictly complied with as it is a criminal offence not to do so without a reasonable excuse. The notice may be addressed to an individual or the ‘appropriate officer’ within the company. The named individual does not have to coordinate the response but they should be kept informed as they may be held personally liable for any non-compliance.
It is necessary to make ‘reasonable endeavours’ to respond to a notice. A structured approach to the collation and production of materials should be taken, including where data will be sourced, relevant individuals or custodians of data, document preservation, and how the documents will be collated and stored to preserve original documents and metadata.
36 At what point must a company in your country publicly disclose the existence of an internal investigation or contact from a law enforcement authority?
If the internal investigation is confidential, there is no requirement for a company to disclose its existence publicly. Disclosure may be desirable or required if it is not possible for the conduct to be contained or if media or market speculation needs to be addressed. If the company is being investigated by regulators, disclosure will often depend on the preferred approach of that regulator. It is usual for regulators to ask that disclosure of the fact of their investigation not be made public unless mutually agreed.
Private companies have no legislative obligation to disclose the existence of an internal investigation or contact from law enforcement.
37 How are internal investigations viewed by local enforcement bodies in your country?
An efficiently run internal investigation is welcomed by the regulator, particularly if it leads to self-reporting. In some circumstances, a regulator may ask the corporate to undertake the first stage of the investigation. If an internal investigation is running concurrently with a regulator’s investigation, co-operation in expediting the process and ultimate outcome is encouraged.
38 Can the attorney–client privilege be claimed over any aspects of internal investigations in your country? What steps should a company take in your country to protect the privilege or confidentiality of an internal investigation?
Communications made for the dominant purpose of giving or receiving legal advice, or existing or contemplated litigation, can be subject to a legitimate claim for legal professional privilege. If the dominant purpose relates to a factual investigation, it is unlikely that the communication will be privileged.
Lawyers’ notes regarding internal investigations are usually protected by legal professional privilege. To protect the privilege, all communications should be marked as confidential and privileged and should not be distributed outside the lawyer–client communication lines unless necessary.
39 Set out the key principles or elements of the attorney–client privilege in your country as it relates to corporations. Who is the holder of the privilege? Are there any differences when the client is an individual?
LPP is held by the client (company or individual), not the legal adviser. Employees of the company may have grounds to assert common interest privilege, if the employee reasonably believed the lawyer was giving them legal advice and their interests were not adverse to the company. In circumstances where a company seeks to maintain control over the privileged information, lawyers will ordinarily be instructed to communicate that distinction, adopting a US-style Upjohn or corporate Miranda warning.
40 Does the attorney–client privilege apply equally to in-house and external counsel in your country?
Yes. The dominant purpose test applies, irrespective of whether the lawyer is internal or external to the company. Best practice is for in-house counsel to hold a current practising certificate and be independent. Privilege claims of advice from in-house counsel generally will be scrutinised, particularly if another non-legal position is held within the company, or if counsel is accustomed to providing commercial advice (which will not be privileged).
41 Does the attorney–client privilege apply equally to advice sought from foreign lawyers in relation to (internal or external) investigations in your country?
Yes. Australian clients can claim the privilege if the communications are with a qualified lawyer admitted to practise in the foreign country and the communications satisfy the dominant purpose test.
42 To what extent is waiver of the attorney–client privilege regarded as a co-operative step in your country? Are there any contexts where privilege waiver is mandatory or required?
It is normal for companies and individuals to maintain claims of LPP. Waivers are generally restricted to circumstances in which the entity is essentially opening its doors on a no-restrictions basis. It may be considered that not claiming LPP signals an increased level of co-operation with the investigating authority. A court may compel an entity to produce documents if it has determined that the claims for privilege cannot be maintained. However, regulators are increasingly challenging claims for LPP, including taking some matters to court to dispute claims by companies withholding production of documents on the basis of LPP.
43 Does the concept of limited waiver of privilege exist as a concept in your jurisdiction? What is its scope?
Yes. For instance, a party responding to a compulsory notice to produce documents to ASIC may enter into a voluntary confidential LPP disclosure agreement, which allows production of the documents to ASIC, while protecting them from disclosure to third parties. ASIC will undertake to treat the information as confidential and will defer to the privilege holder if ASIC is compelled to produce the documents. These agreements have not been tested by the courts as to whether they will withstand a challenge.
44 If privilege has been waived on a limited basis in another country, can privilege be maintained in your own country?
Possibly. Relevant considerations will include the context in which the waiver was made (under compulsion or voluntarily), the use of the information subsequent to the waiver and whether, in Australia, privilege would still properly apply to the information.
45 Do common interest privileges exist as concepts in your country? What are the requirements and scope?
Common interest privilege does exist. The interest of the parties claiming the privilege must be the same, or almost the same (such that the parties could use the same lawyer), and it will not be available if they are potentially adverse. There is no requirement for a formal agreement between parties to establish this privilege, nor to identify an intention to claim the privilege at the time of communication, although it is advisable to do so to establish the extent of the common interest.
46 Can privilege be claimed over the assistance given by third parties to lawyers?
It is not uncommon for lawyers to brief third-party experts to assist on matters relevant to the giving of legal advice. Communications with the third party will be covered by LPP if they fall within the dominant purpose test.
If a party serves a report or advice prepared by a third party during litigation, all materials (including briefing materials) used by the third party in informing an opinion generally become discoverable. There are limited circumstances in which a party can resist production of communications underpinning a report.
47 Does your country permit the interviewing of witnesses as part of an internal investigation?
Organisations are permitted to conduct fact-finding interviews during an internal investigation. Consideration should be given to ensuring that the individual is afforded the appropriate amount of time to prepare and respond to questions. Whistleblowers, who may be among the first interviewed, are afforded additional legislative protections that must be adhered to.
48 Can a company claim the attorney–client privilege over internal witness interviews or attorney reports?
LPP can be claimed over witness interviews and reports prepared by legal advisers for the dominant purpose of giving or receiving legal advice or in the preparation of legal proceedings.
49 When conducting a witness interview of an employee in your country, what legal or ethical requirements or guidance must be adhered to? Are there different requirements when interviewing third parties?
Corporate Miranda or Upjohn warnings are not required to be given, although they are common in cross-border investigations. It is prudent to outline the scope of a lawyer’s engagement at the time of the interview, to avoid any misconception as to whether the parties intend privilege to apply. The same approach applies to both current employees and third parties, although there is less scope for privilege to apply to third parties.
50 How is an internal interview typically conducted in your country? Are documents put to the witness? May or must employees in your country have their own legal representation at the interview?
The style of interview will depend on the seriousness of the allegations being investigated. Notes of interviews should be kept confidential and a record of any materials discussed during the interview should be retained for future reference. Generally, a witness will be asked for an independent recollection of events before being presented with any documents. Documents put to a witness should be restricted to those about which the witness has first-hand knowledge. If the allegations are serious and directed to the interviewee, then it is not unusual to provide the interviewee with the option of having their own legal representation at the interview.
Reporting to the authorities
51 Are there circumstances under which reporting misconduct to law enforcement authorities is mandatory in your country?
It is mandatory under anti-money laundering and counter-terrorism financing legislation to report suspicious financial transactions to AUSTRAC. The company must have formed a suspicion that the dealings may be related to an offence (such as money laundering, terrorism financing or operating under a false identity, tax evasion or proceeds of crime) and must report within 24 hours if it relates to terrorism, or otherwise three business days.
Australian financial services licensees must report any significant breaches, or anticipated breaches, of obligations under the Corporations Act.
State legislation may also apply.
52 In what circumstances might you advise a company to self-report to law enforcement even if it has no legal obligation to do so? In what circumstances would that advice to self-report extend to countries beyond your country?
If an internal investigation has led to findings of misconduct, a decision will need to be made whether to self-report. Self-reporting may be advisable if the findings are likely to affect the company’s ability to conduct its business or trading of the company’s shares.
Disclosure to regulators outside Australia may depend on whether the conduct has occurred outside the jurisdiction and the reporting obligations in those other jurisdictions.
53 What are the practical steps you need to take to self-report to law enforcement in your country?
In self-reporting, the company should be prepared to co-operate honestly and completely with authorities and assist regulators’ investigations, which may go beyond internal investigation. This will involve providing to authorities any information gathered during the internal investigation at the time of self-reporting.
The company should be prepared to plead guilty to any offence identified and may be required to assist in the prosecution of related parties. Public disclosure will need to be considered for listed companies, consistent with disclosure obligations.
In certain circumstances, immunity for being first-in-time can be sought when reporting to the ACCC.
Legislation allowing deferred prosecution agreements (DPAs) is proceeding through the Australian Parliament. It has been the subject of extensive consultation and the timing for its implementation is not yet known. Once passed, it is anticipated that this legislation will provide benefits to corporates who self-report relevant offences (see question 66).
Responding to the authorities
54 In practice, how does a company in your country respond to a notice or subpoena from a law enforcement authority? Is it possible to enter into dialogue with the authorities to address their concerns before or even after charges are brought? How?
Companies take seriously their obligation to comply with notices from regulators. It is possible to enter into a dialogue with a regulator in relation to a notice or subpoena, particularly if there are concerns about scope or time for production. This would be done by speaking or writing to a representative of the regulator in the first instance.
55 Are ongoing authority investigations subject to challenge before the courts?
A company may challenge an investigation if the investigation is an abuse of process or harassment.
56 In the event that authorities in your country and one or more other countries issue separate notices or subpoenas regarding the same facts or allegations, how should the company approach this?
Consistency is key when a company is facing allegations of wrongdoing regarding the same facts in multiple jurisdictions. A company should ensure responses are coordinated and that production of documents or information is strictly responsive to the notice. There is no requirement to go beyond the strict terms of the notice and doing so may amount to voluntary disclosure and not be afforded protections (such as confidentiality and privilege) that would otherwise be available.
57 If a notice or subpoena from the authorities in your country seeks production of material relating to a particular matter that crosses borders, must the company search for, and produce material, in other countries to satisfy the request? What are the difficulties in that regard?
Materials must be produced if they are in the possession, custody or control of a company in Australia (irrespective of the location where they are held). It may be possible to resist production of materials outside Australia if to do so would be oppressive.
58 Does law enforcement in your country routinely share information or investigative materials with law enforcement in other countries? What framework is in place in your country for co-operation with foreign authorities?
Australian regulators make use of mutual recognition agreements with regulators from other jurisdictions, such as the International Organisation of Securities Commissions. Less formal arrangements exist between some regulators, such as the AFP’s arrangements with other police agencies globally. Mutual assistance requests are a formal mechanism by which authorities can obtain information from overseas regulators for use in criminal proceedings.
59 Do law enforcement authorities in your country have any confidentiality obligations in relation to information received during an investigation or onward disclosure and use of that information by third parties?
Information produced under compulsion can only be used for the purpose for which it was obtained. Materials can be shared between regulators, subject to satisfying legislative requirements, and can be disclosed to third parties during an investigation if it is deemed necessary.
60 How would you advise a company that has received a request from a law enforcement authority in your country seeking documents from another country, where production would violate the laws of that other country?
Refusing to produce a document that is disclosable under a notice will be a breach and may give rise to legal action by the regulator. Open dialogue with the regulator is encouraged at an early stage to attempt to negotiate an amendment to the notice to exclude production of documents that give rise to a breach of laws in another jurisdiction. Otherwise, the company should look at avenues to challenge the notice.
61 Does your country have secrecy or blocking statutes? What related issues arise from compliance with a notice or subpoena?
Australian data privacy laws prevent the disclosure of certain personal and sensitive information. The APPs apply to government agencies, private sector and not-for-profit organisations (those with an annual turnover of more than A$3 million), private health providers and small businesses.
Disclosure is permitted if compelled (such as by a document production notice or subpoena) or reasonably necessary for one or more enforcement-related activities by an enforcement body. In defending allegations of misconduct, data may also be transferred for the purposes of, or in connection with, legal proceedings (including prospective legal proceedings) or for the purposes of establishing, exercising or defending legal rights.
62 What are the risks in voluntary production versus compelled production of material to authorities in your country? Is this material discoverable by third parties? Is there any confidentiality attached to productions to law enforcement in your country?
It is common for companies to request that a regulator issue a notice to compel the production of materials to preserve claims of confidentiality and privilege. Such a claim may be waived by voluntary production. Regulators can be compelled to produce documents to third parties by court order, but may segregate documents that are subject to claims of privilege (including LPP and public interest immunity) and confidentiality, and leave it to the court to rule on such claims.
Prosecution and penalties
63 What types of penalties may companies or their directors, officers or employees face for misconduct in your country?
Companies can face financial penalties, which can be up to 10 times what is imposed on an individual, or more for offences for which penalties are based on company turnover.
Penalties against an individual will vary depending on the offence. Criminal wrongdoing may result in imprisonment or financial penalties, or both. Civil penalty proceedings can result in fines, compensation orders and disqualification from managing corporations.
64 Where there is a risk of a corporate’s suspension, debarment or other restrictions on continuing business in your country, what options or restrictions apply to a corporate wanting to settle in another country?
The Commonwealth, state and territory governments do not automatically suspend or disbar a company for any conduct, although they do have discretion to preclude a company from public procurement contracts.
65 What do the authorities in your country take into account when fixing penalties?
Courts will consider a range of factors, including the seriousness of the offence, the number of contraventions and the period during which they occurred, the need for general deterrence, remorse, retribution, co-operation and any relevant personal circumstances.
Resolution and settlements short of trial
66 Are non-prosecution agreements or deferred prosecution agreements available in your jurisdiction for corporations?
DPAs are not currently available but are likely to be introduced in the near future (see question 53). Based on the current proposed legislation, DPAs will allow companies to negotiate terms of settlement for allegations of serious corporate crime, which include the setting of a penalty for contravention, but will require approval by an approving officer before they can be finalised. Not all corporate crimes are covered in the proposed legislation and DPAs will not be available to individuals.
DPAs under the proposed incoming legislation are similar to non-prosecution agreements under US law.
Another mechanism in which a company may reach agreement with authorities to avoid prosecution in return for co-operation is by seeking an indemnity, more formally referred to as an undertaking, under the Director of Public Prosecutions Act 1983 (Cth). The circumstances in which an indemnity may be granted are generally governed by the Prosecution Policy of the Commonwealth. In the context of cartel prosecutions, applications are governed by the ACCC Immunity and Cooperation Policy for Cartel Conduct.
67 Does your jurisdiction provide for reporting restrictions or anonymity for corporates that have entered into non-prosecution agreements or deferred prosecution agreements until the conclusion of criminal proceedings in relation to connected individuals to ensure fairness in those proceedings?
There is no certainty regarding implementation of DPAs in Australia at present; however, the proposal is that the DPA be published in full, except in exceptional circumstances, such as when the publication would prejudice court proceedings. This approach would be consistent with that taken when a company has pleaded guilty, or been granted an indemnity for prosecution, but proceedings are also under way against connected individuals or corporate entities (for instance in the case of cartel proceedings).
68 Prior to any settlement with a law enforcement authority in your country, what considerations should companies be aware of?
Considerations relevant to settlement include an assessment of the facts and allegations made against the company, the strength of the evidence, the terms on which the regulator is willing to settle (where they can be agreed) and the potential consequences of any settlement (including on business operations, investigations in other jurisdictions and the risk of collateral civil litigation).
69 To what extent do law enforcement authorities in your country use external corporate compliance monitors as an enforcement tool?
The proposed DPA process suggests the use of an independent monitor, paid for by the company, to assess compliance with the terms of the DPA. The reason for this is, in part, that the body responsible for entering into DPAs with companies, the CDPP, does not have a monitoring function. External corporate compliance monitors have also often had a role in enforceable undertakings with ASIC.
70 Are parallel private actions allowed? May private plaintiffs gain access to the authorities’ files?
Private actions are permitted to run in parallel with criminal or regulatory proceedings, provided they do not prejudice the accused’s right to a fair trial, or the right to maintain privilege against self-incrimination or exposure to penalty, and do not interfere with the criminal proceedings. It is common for private or civil actions to be stayed pending the outcome of criminal proceedings.
Private plaintiffs are entitled to apply to regulators to access files through various mechanisms, including Freedom of Information requests and subpoenas. In addition, ASIC has the power to provide information to private litigants in certain circumstances. The disclosure of information by regulatory bodies is subject to overriding considerations of public interest, the risk of prejudice to an ongoing investigation or proceeding, and statutory restrictions.
Publicity and reputational issues
71 Outline the law in your country surrounding publicity of criminal cases at the investigatory stage and once a case is before a court.
Criminal investigations are generally confidential. An accused has the right to a fair trial and a presumption of innocence. Investigatory bodies, such as the AFP, have media policies that restrict the publication of information that may prejudice an ongoing investigation or affect an accused’s right to a fair trial, particularly in tainting the jury pool.
Criminal court proceedings are a matter of public record. There are limited situations in which a corporation or individual can restrict access to, or publication of, the court proceedings. Although the media are entitled to report on public hearings, they are required to follow orders from the judge concerning non-publication of certain information. Jury deliberations are confidential. It is an offence to publish anything regarding the identity of a juror or the discussions that take place in the jury room.
72 What steps do you take to manage corporate communications in your country? Is it common for companies to use a public relations firm to manage a corporate crisis in your country?
It is common for public relations firms to be hired, particularly in high-profile matters. Lawyers will generally work with a public relations firm to ensure accuracy of reporting and in making any public statements during an investigation or proceeding.
73 How is publicity managed when there are ongoing related proceedings?
Corporations need to carefully manage the release of information regarding ongoing proceedings to avoid being in contempt of, or prejudicing, the proceedings, especially any criminal proceedings before a jury, and to meet any relevant continuous disclosure obligations. Regulators will announce the commencement of proceedings and may provide procedural updates but generally will not comment on substantive matters for the duration of the proceeding.
Duty to the market
74 Is disclosure to the market in circumstances where a settlement has been agreed but not yet made public mandatory?
If the settlement is likely to have a material effect on the price or value of the company’s securities and does not fall within an exception (such as the information being confidential), it is required to be disclosed to the market by a public company. Confidentiality alone is not grounds for non-disclosure of the fact of settlement. It is often the case that parties agree the terms of disclosure of a settlement as part of the settlement negotiations.
75 Do you expect to see any key regulatory or legislative changes emerge in the next year or so designed to address corporate misconduct?
The outworking of the BRC is likely to result in a higher volume of civil penalty proceedings and criminal proceedings against companies and individuals arising from investigations by regulatory bodies such as ASIC and the Australian Financial Complaints Authority (which provides a dispute resolution mechanism for consumers). Consequential civil litigation is likely to arise in the form of class actions or other private civil actions, in which individuals and organisations seek to make use of the regulators’ more public and aggressive enforcement approach.
 Ben Luscombe, Angela Pearsall and Tim Grave are partners, Kirsten Scott is a counsel and Lara Gotti is a senior associate at Clifford Chance.